| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Jul 2018 09:51:20 +0800
From: Baoquan He <bhe@...hat.com>
To: Michal Hocko <mhocko@...nel.org>
Cc: Chao Fan <fanc.fnst@...fujitsu.com>,
Dou Liyang <douly.fnst@...fujitsu.com>,
akpm@...ux-foundation.org, linux-mm@...ck.org,
linux-kernel@...r.kernel.org, x86@...nel.org,
yasu.isimatu@...il.com, keescook@...omium.org,
indou.takao@...fujitsu.com, caoj.fnst@...fujitsu.com,
vbabka@...e.cz, mgorman@...hsingularity.net
Subject: Re: Bug report about KASLR and ZONE_MOVABLE
On 07/16/18 at 05:24pm, Michal Hocko wrote:
> On Mon 16-07-18 21:02:02, Baoquan He wrote:
> > On 07/16/18 at 01:38pm, Michal Hocko wrote:
> > > On Fri 13-07-18 07:52:40, Baoquan He wrote:
> > > > Hi Michal,
> > > >
> > > > On 07/12/18 at 02:32pm, Michal Hocko wrote:
> > > [...]
> > > > > I am not able to find the beginning of the email thread right now. Could
> > > > > you summarize what is the actual problem please?
> > > >
> > > > The bug is found on x86 now.
> > > >
> > > > When added "kernelcore=" or "movablecore=" into kernel command line,
> > > > kernel memory is spread evenly among nodes. However, this is right when
> > > > KASLR is not enabled, then kernel will be at 16M of place in x86 arch.
> > > > If KASLR enabled, it could be put any place from 16M to 64T randomly.
> > > >
> > > > Consider a scenario, we have 10 nodes, and each node has 20G memory, and
> > > > we specify "kernelcore=50%", means each node will take 10G for
> > > > kernelcore, 10G for movable area. But this doesn't take kernel position
> > > > into consideration. E.g if kernel is put at 15G of 2nd node, namely
> > > > node1. Then we think on node1 there's 10G for kernelcore, 10G for
> > > > movable, in fact there's only 5G available for movable, just after
> > > > kernel.
> > >
> > > OK, I guess I see that part. But who is going to use movablecore along
> > > with KASLR enabled? I mean do we really have to support those two
> > > obscure command line parameters for KASLR?
> >
> > Not very sure whether we have to support both of those to work with
> > KASLR. Maybe it's time to make clear of it now.
>
> Yes, I would really like to deprecate this. It is an ugly piece of code
> and it's far from easily maintainable as well.
>
> > For 'kernelcore=mirror', we have solved the conflict to make it work well
> > with KASLR. For 'movable_node' conflict with KASLR, Chao is posting
> > patches to fix it. As for 'kernelcore=' and 'movablecore=',
> >
> > 1) solve the conflict between them with KASLR in
> > find_zone_movable_pfns_for_nodes();
> > 2) disable KASLR when 'kernelcore=' | 'movablecore=' is set;
> > 3) disable 'kernelcore=' | 'movablecore=' when KASLR is enabled;
> > 4) add note in doc to notice people to not add them at the same time;
>
> I would simply warn that those kernel parameters are not supported
> anymore. If somebody shows up with a valid usecase we can reconsider.
OK, got it. The use case I can think of is that people want to check
hotplug on system w/o hotplug ACPI info.
I am fine with warning people they are not supported. Should I post a
patch to address this, or you will do it? Both is fine to me.
>
> > 2) and 3) may need be fixed in arch/x86 code. As long as come to an
> > agreement, any one is fine to me.
> > >
> > > In fact I would be much more concerned about memory hotplug and
> > > pre-defined movable nodes. Does the current KASLR code work in that
> > > case?
> >
> > As said above, kernelcore=mirror works well with KASLR now. Making
> > 'movable_node' work with KASLR is in progress.
>
> OK, thanks for the info.
You are welcome.
Thanks
Baoquan
Powered by blists - more mailing lists